Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73085187-53ef-40b6-b689-bcc9d724ab2c.roa
File:                     73085187-53ef-40b6-b689-bcc9d724ab2c.roa (raw, json)
Hash identifier:          IqtCpbI6gwAHFMJw6nP/r2z21TiFyPaYgEwr8mR7f/s=
Subject key identifier:   99:98:B2:53:74:2D:16:6F:DE:D0:9F:56:BC:B0:0E:B7:56:9A:0F:4C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CE0EC4C5162A9C885978863E12174F9170B91F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73085187-53ef-40b6-b689-bcc9d724ab2c.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.118.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:e0:ec:4c:51:62:a9:c8:85:97:88:63:e1:21:74:f9:17:0b:91:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=25def03250a2ad3592c94dbb007bc35eadd397c5b26ecb133a9a7f11a9bca670, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f1:7f:06:c9:6e:13:5b:74:d4:3e:d1:50:dc:
                    b5:08:a9:e7:fc:6b:9b:04:42:ee:18:e2:95:b4:92:
                    15:42:24:f6:2e:65:d9:44:97:97:7d:e1:f1:f1:ea:
                    4c:6b:2f:50:4c:46:51:c0:da:29:9c:75:77:3d:98:
                    e1:c5:fa:54:54:34:86:47:f4:77:72:ec:f0:2d:ef:
                    93:ce:95:70:28:9a:ab:2a:e1:e7:56:10:01:f9:34:
                    fb:36:cf:5d:bb:c3:2a:a6:56:22:35:53:f5:71:20:
                    5f:c3:ac:7a:65:8a:b4:f0:a5:6e:85:7c:0a:b8:e2:
                    e9:04:72:ef:47:5c:f8:c1:96:56:8e:42:c3:f4:43:
                    9d:f6:35:f0:ba:a3:c9:bc:f3:93:5b:7f:6e:ae:a9:
                    31:8c:a5:2f:f2:77:f2:0d:30:33:55:98:a8:1b:61:
                    5f:8d:ff:c8:3a:e6:13:e9:b2:a1:7c:7d:21:47:79:
                    90:0b:9f:d7:48:79:69:d3:59:a1:57:d9:ea:fc:79:
                    9d:4b:dd:1d:17:9e:15:64:60:0b:24:0b:0f:48:25:
                    51:64:fa:26:e2:95:48:75:1e:85:44:e8:ce:f4:65:
                    37:38:68:3c:5c:4c:17:4b:b7:61:93:e6:7d:98:4a:
                    fd:17:66:1c:ff:67:bc:b6:3e:ee:da:b9:8e:f6:d2:
                    70:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:98:B2:53:74:2D:16:6F:DE:D0:9F:56:BC:B0:0E:B7:56:9A:0F:4C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73085187-53ef-40b6-b689-bcc9d724ab2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.118.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a8:90:71:3a:c6:86:69:26:28:f3:b9:ed:25:4b:1a:76:97:1d:
         a6:c1:37:34:09:34:d4:e7:da:67:00:e0:1c:ec:9c:08:2b:7f:
         eb:a6:da:d6:e0:fc:01:6d:cf:a3:8e:56:5c:d9:2d:f2:3d:2e:
         0b:84:81:b1:c3:17:9b:25:7f:ee:e1:02:97:1c:9a:e7:66:c9:
         9f:8c:ea:62:25:d3:43:2c:da:57:45:e9:2f:f7:dd:44:ad:79:
         1c:f4:ab:ed:89:85:d9:ff:32:89:d6:08:fc:60:2b:d0:df:ab:
         f7:c1:87:14:e2:af:06:87:36:88:c1:9e:b0:19:77:d5:41:5e:
         ee:54:29:1a:21:99:0d:8d:82:af:61:12:4e:a0:39:31:05:66:
         89:0b:91:9d:82:df:2c:a1:43:6c:1c:96:2f:43:b7:57:99:cc:
         3d:c1:38:bf:9e:62:7f:34:0e:c8:5a:4d:c1:30:8c:ff:ed:a9:
         41:c5:de:cb:ba:06:e9:a4:77:44:9b:64:40:b5:bb:22:9e:42:
         58:49:d1:2f:c1:24:a6:c2:3c:c0:06:4d:95:8c:fa:a2:66:f7:
         d0:e1:07:86:02:43:2f:0d:42:6e:6e:05:28:c1:60:76:a6:d0:
         ec:c7:d9:e5:f8:41:f3:bf:dc:49:d0:df:e4:81:c0:9d:c0:99:
         9f:27:6a:df
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXODsTFFiqciFl4hj4SF0+RcLkfQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNWRlZjAzMjUwYTJhZDM1OTJjOTRkYmIwMDdiYzM1ZWFk
ZDM5N2M1YjI2ZWNiMTMzYTlhN2YxMWE5YmNhNjcwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF8X8GyW4TW3TUPtFQ3LUIqef8a5sEQu4Y4pW0khVCJPYu
ZdlEl5d94fHx6kxrL1BMRlHA2imcdXc9mOHF+lRUNIZH9Hdy7PAt75POlXAomqsq
4edWEAH5NPs2z127wyqmViI1U/VxIF/DrHplirTwpW6FfAq44ukEcu9HXPjBllaO
QsP0Q532NfC6o8m885Nbf26uqTGMpS/yd/INMDNVmKgbYV+N/8g65hPpsqF8fSFH
eZALn9dIeWnTWaFX2er8eZ1L3R0XnhVkYAskCw9IJVFk+ibilUh1HoVE6M70ZTc4
aDxcTBdLt2GT5n2YSv0XZhz/Z7y2Pu7auY720nCvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmZiyU3QtFm/e0J9WvLAOt1aaD0wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzczMDg1MTg3LTUzZWYtNDBiNi1iNjg5LWJjYzlkNzI0YWIyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQdjANBgkqhkiG9w0BAQsFAAOCAQEAqJBxOsaGaSYo87ntJUsadpcdpsE3
NAk01OfaZwDgHOycCCt/66ba1uD8AW3Po45WXNkt8j0uC4SBscMXmyV/7uEClxya
52bJn4zqYiXTQyzaV0XpL/fdRK15HPSr7YmF2f8yidYI/GAr0N+r98GHFOKvBoc2
iMGesBl31UFe7lQpGiGZDY2Cr2ESTqA5MQVmiQuRnYLfLKFDbByWL0O3V5nMPcE4
v55ifzQOyFpNwTCM/+2pQcXey7oG6aR3RJtkQLW7Ip5CWEnRL8EkpsI8wAZNlYz6
omb30OEHhgJDLw1Cbm4FKMFgdqbQ7MfZ5fhB87/cSdDf5IHAncCZnydq3w==
-----END CERTIFICATE-----